Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in OpenSSL

 

Systems Affected


OpenSSL 1.0.2
OpenSSL 1.0.1
OpenSSL 1.0.0
OpenSSL 0.9.8

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in OpenSSL which could allow a remote attacker to cause denial of service conditions or obtain sensitive information.


Description


1. Information Disclosure Vulnerability ( CVE-2015-3193 )
This vulnerability exists in Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform due to an error while implementing the BN_mod_exp function. A remote attacker could exploit this vulnerability by sending specially crafted requests to a targeted application which relies on OpenSSL. This could lead to produce weaker cryptographic protection than expected. Successful exploitation of this vulnerability could result in obtaining sensitive private key information.

2. OpenSSL Certificate Processing Denial of Service Vulnerability ( CVE-2015-3194 )
This vulnerability exists in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 due to its failure of handling certificate signatures. A remote attacker could exploit this vulnerability by sending a certificate with a specially crafted ASN.1 signature that uses the RSA PSS algorithmand absentmask generation function parameter. This could lead to the application to crash with a NULL pointers dereference. Successful exploitation of this vulnerability could lead to denial of service conditions.

3. OpenSSL X509_ATTRIBUTE Memory Leak Vulnerability ( CVE-2015-3195 )
This vulnerability exists in the ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL due to improper handling caused by the malformed X509_ATTRIBUTE data. A remote attacker could exploit this vulnerability by sending malicious requests to an application which uses the OpenSSL library. This triggers a memory leak resulting in disclosure of sensitive information.

4. Race Condition Vulnerability ( CVE-2015-3196 )
This vulnerability exists in ssl/s3_clnt.c in OpenSSL due to improper memory operations. A remote attacker could exploit this vulnerability by sending a specially crafted ServerKeyExchange message triggering a race condition resulting in a double free error condition. Successful exploitation of this vulnerability could lead to denial of service conditions.

5. Denial of Service Vulnerability ( CVE-2015-1794 )
This vulnerability exists in the ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL. A remote attacker could exploit this vulnerability by sending a malicious zero p value in a ServerKeyExchange message resulting in a segmentation fault. Successful exploitation of this vulnerability could lead to denial of service conditions.


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in the following link
http://openssl.org/news/secadv/20151203.txt


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.